Working with Moogsoft OnPrem: How to target an auto-ticketing workflow (Service Now Management) to a specific host

Suppose you want to create auto-tickets from Moogsoft situations for a specific host. This article explains how to map the required field into the situation's custom info field and use that field to target the auto-ticketing workflow using the Service Now Management integration.



Steps to bring the required alert field into the situation custom info:

We assume that the required alert field containing the host name is already present in the alert’s custom info field named 'host'. However, it is not appearing in the situation’s custom info field because the mapping has not been done yet.

In this case, we can leverage cookbook recipe macros to map the field into the situation’s custom info.

Moogsoft uses the Situation Manager Labeler to provide better context for situations, allowing you to add data that helps operators diagnose and resolve issues more efficiently.

In this solution, we will use the Cookbook Recipe definition for situation labeling.

We will utilize the MAP macro to map the custom info field for the situation.

Example of the MAP macro format:

$MAP[$MACRO(source alert field, destination custom_info field)]

In our scenario, we will extract the value from the alert’s custom_info.host field and place it in the situation’s custom_info.hostname.

We will also use the TOP macro to avoid creating a list and ensure that only the highest contributing hostname from alerts is used in a situation (in this case, we assume that the situation is created solely from alerts from a single host).

Sample: $MAP[$TOP(custom_info.host, custom_info.hostname)]

This will map the host field into the hostname field of that situation.


Creating the workflow:

Browse to Settings. Under the Automation section, click Workflow Engine, go to Situation workflows, and click Add workflow.





Under Workflow Definition, give the workflow a name and write an appropriate description.

Defining the Workflow:

In the Entry Filter section under Workflow Definition, specify the filter criteria to target the workflow to the desired host.

Filter for our scenario:
(custom_info.hostname="name of your host")

Next, configure the Delay section. Add a delay if you want to wait for the situation to clear automatically before creating an incident.

If a delay is added, you’ll need to check the severity of the situation in the subsequent action. Create an action for this step and add the checkSeverity function. Since we only want to create a ticket if the severity is Critical, set the severity value to 5.

Finally, under the action’s Forwarding Behavior, select Stop This Workflow to halt further processing.




Adding the Action for Ticket Creation:
To create a ticket, add the createIncident function.

In the Arguments section, configure the following:

  • serviceName: Set this to "servicenowmgmt".
  • instanceName: Provide the name of your ServiceNow Management integration, e.g., "MyServiceNowIntegration".
  • templateName: Use "createSituationTicket".
  • Leave the other arguments empty or configure them as needed.

For the Forwarding Behavior, set it to Always Forward for this action.

Once configured, you’re all set. Wait for a situation to be generated for the target host and validate the ticketing process.


For more information, refer to the Moogsoft documentation:

https://docs.moogsoft.com/v9/en/moogsoft-onprem-v9-0.html?


With the workflow successfully configured, you now have an automated solution for generating tickets in response to situations for a specific host. This process ensures efficient incident management by leveraging Moogsoft’s powerful workflow engine and integration capabilities. By targeting specific scenarios and applying precise filters, you can streamline operations and improve response times. Test and validate the setup to ensure seamless functionality, and you're ready to handle critical situations with ease.




